Privacy Policy

Knit (the “Service”) is an AI-based contact management service operated by Oprai (a sole proprietorship, the “Company”). This policy explains how the Company collects, uses, stores, and protects users’ personal information. Inquiries are received at idolovu@gmail.com.

Knit accesses data in your Google account only when you have explicitly authorized the connection.

• Scope of access — Google People API contacts (.../auth/contacts, read and write).
• Read — to import your Google contacts into Knit.
• Write — to sync contacts you organize or add in Knit back to your Google contacts, so they appear in your phone's address book.
• Google Calendar (read-only) — Google Calendar (.../auth/calendar.readonly). Only when you explicitly connect your calendar. Knit reads your upcoming events to show them alongside your tasks on the home screen. Events are displayed only and are not stored on Knit servers.

This data is used solely for your own contact management features. You can disconnect Google at any time on your profile page; when you do, the stored OAuth token is deleted immediately and access is revoked on Google's side as well.

Knit’s use of information received from Google APIs, and its transfer to any other app, adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, Knit:

• does not use it for any purpose other than providing the contact management features described to the user.
• does not sell it to third parties.
• does not use it for advertising purposes or transfer it to advertising providers.
• does not use it to train AI or machine learning models.
• is not read by humans — except with the user's explicit consent, for security investigations, to comply with legal obligations, or in the case of aggregated and anonymized data.

Text recognition (OCR) and structuring of business card images is performed by AI models. Knit uses only models that do not use input data for model training (Zero Data Retention), and processed data is not retained by the AI providers.

The information collected is used solely to provide the Service — business card recognition and structuring, deduplication, contact syncing, change notifications, two-way matching and workspaces, and your own digital business card. The Company does not use user information for advertising.

All data is stored on infrastructure in the Seoul, Korea region (Vercel, Neon Postgres, Vercel Blob, ICN1). Data is isolated per account and encrypted in transit and at rest. Sensitive information such as OAuth tokens is protected separately.

To operate the Service, the Company subcontracts processing to the following categories of providers — hosting, database, and file storage (Vercel, Neon), authentication (Google), AI processing (model providers via Vercel AI Gateway), email delivery (Resend), and real-time calls (LiveKit). Subcontractors are contractually bound to the same level of protection as this policy.

The Company does not sell users' personal information to third parties and does not share it for advertising purposes. It is not provided externally except for the processing subcontracting in Section 8, the user's explicit consent, or where legally required. In two-way matching and workspaces, the profile information you have set to public may be shown to a person you have exchanged business cards with — and this occurs only through your explicit actions, such as QR sharing, invitations, or saving.

You can delete individual contacts at any time. When you delete your account, all contacts, profiles, images, and OAuth tokens are immediately and permanently deleted. Original business card images are kept after processing, and you may choose to delete them.

You may request to access, correct, delete, or export your information, and you may disconnect Google or Microsoft integrations at any time. Requests go to idolovu@gmail.com.

If this policy changes, we will post it on this page and update the effective date. Contact: Oprai · idolovu@gmail.com.